RE: saving sensitive data with md5

Sun, 18 Mar 2007 11:44:49 -0800 

Sure, use the beforeSave and beforeFind on the model side.

class User extends AppModel {
        // ...
        function beforeSave() {

                if (isset($this->data[$this->name]['password'])) {
                        $this->data[$this->name]['password'] =
md5($this->data[$this->name]['password']);
                }

                return parent::beforeSave();
        }

        function beforeFind($queryData) {
                if (isset($queryData[$this->name]['password'])) {
                        $queryData[$this->name]['password'] =
md5($this->data[$this->name]['password']);
                }

                return $queryData;
        }
}

This way when from your controller you are saving the model having the
password field set, it will automatically hash it:

$data = array(
        'User' => array('user' => 'mariano', 'password' => 'password')
);

$this->User->save($data);

The same way when you are looking for a record if you set the password field
as part of the data to be searched for, it will hash it:

$conditions = array(
        'User' => array('user' => 'mariano', 'password' => 'password')
);

$result = $this->User->find($conditions);

-MI

---------------------------------------------------------------------------

Remember, smart coders answer ten questions for every question they ask. 
So be smart, be cool, and share your knowledge. 

BAKE ON!

blog: http://www.MarianoIglesias.com.ar


-----Mensaje original-----
De: [email protected] [mailto:[EMAIL PROTECTED] En nombre
de billybob
Enviado el: Domingo, 18 de Marzo de 2007 02:12 p.m.
Para: Cake PHP
Asunto: saving sensitive data with md5

I'm using cake's MVC approach which works really great.  I like the
ability to use the MVC and save from the controller; it makes things
nice and is very easy.  I did run into a problem which I can't figure
out, however.  Let's say I want to save sensitive information like a
password in the database.  Currently, it appears cake will only let
you save in clear text (won't let you hash) in the default MVC
approach.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to